Cyber criminals eyeing unprotected corporate intellectual property

With their sights set on something of more monetary value, cyber criminals are shifting their focus from customer and employee data like Social Security numbers to unprotected corporate intellectual property. With many high-profile organizations being hit by more sophisticated attacks, reactive security approaches are making it difficult for organizations to keep up with the bad guys.

According to the article, “Forget Social Security numbers — cyber criminals want your intellectual property,” hackers are getting better at posing as insiders to infiltrate organizations’ networks. As a result, Scott Aken, VP for cyber operations at the Science Applications International Corporation (SAIC), said new strategies are needed to combat today’s cyber criminal techniques.

“Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely — just as an insider would. Having defensive strategies against these blended insider threats is essential, and organizations need insider threat tools that can predict attacks from this blended threat.”

Gartner report recommends whitelisting as a ‘complementary’ malware defense

A Gartner report released in March said that while whitelisting technology is a way to prevent malware attacks on corporate servers and PCs, it recommends whitelisting be used as a complementary security defense, not a substitute for traditional antivirus software.

According to the article, “Whitelisting on its own not a substitute for antivirus software,” because blacklist-based solutions can no longer keep up with today’s prolific attack software, enterprises should consider application control and whitelisting as a “strategic or tactical approach” to help protect their network endpoints from malicious code.

To some people’s amazement, CoreTrace actually agrees with many of Gartner’s opinions on this topic, as I wrote about in this post: Why whitelisting is not a standalone replacement for traditional antivirus…”. Please let me know your thoughts on it.

Attacks on federal government networks increased in 2010

According to a recent Congressional report, federal government networks experienced a 39% jump in the number of cyber attacks in 2010 than in the previous year, but overall incidents reported to US-CERT were down. While phishing attacks dropped, Trojans, viruses and worms were among the types of attacks that increased year-over-year.

To help government agencies protect their networks from more targeted malware attacks, the National Institute of Standards and Technology (NIST) published a report to support the Federal Information Security Management Act (FISMA).

Instead of focusing strictly on IT initiatives, NIST recommends organizations take a broader approach to federal IT security by considering risk management and security in their overall objectives and business functions. By prioritizing decisions around security, organizations can better address new security challenges facing the federal government and U.S. critical infrastructure.

Trojan-based attacks still top malware threat

Several security studies found that Trojan-based attacks remain the top malware threat, accounting for six of the top 10 threat types in February. With 1 in every 290 emails malicious, Symantec’s 2011 MessageLabs Intelligence Report said the month was one of the most prolific periods ever for the threats. The report also found that governmental organizations were the most targeted, with 1 in 41.1 emails blocked as malicious.

Based on the botnet activity patterns, it appeared that cyber criminals were working together as well-timed and highly targeted Zeus, SpyEye and Bredolab variants were distributed in alternating patterns throughout the month.

While Trojan-based attacks led the way, Symantec and GFI Software researchers said PDF exploits accounted for a growing number of document types used in cyber attacks. Looking at the current trends, by the middle of this year 76% of targeted malware could be used for PDF exploits, which concerns Paul Wood, MessageLabs Intelligence senior analyst.

“PDF-based targeted attacks are here to stay and are predicted to worsen as malware authors continue to innovate in the delivery, construction and obfuscation of the techniques necessary for this type of malware.”

While Panda Security researchers reported Trojans were responsible for 61% of malware infections, the only silver-lining was that infection rates dropped from 50% in January to 39% in February.

Thanks for reading this month’s wrap-up security blog. Be sure to regularly stop by to read and provide your thoughts on the biggest stories in the security industry.

In the article, “New exploit technique nullifies major Windows defense,” some researchers worry that a proof-of-concept code published by Google security software engineer, Berend-Jan Wever, could actually lead to more successful attacks against Microsoft’s newer operating systems.

While Wever claims the proof-of-concept doesn’t do any harm because it’s wrapped around an exploit of a bug in Internet Explorer 6 (IE6) that was patched years ago, MicroTrend’s Ria Rivera wrote in the company’s malware blog that the exposure could be used to further enhance exploits, and expects to see it used within exploits soon.

“After Wever released his heap-spraying exploit codes in 2005, a lot of new exploits started using that technique. It would thus be not far-fetched that the release of this new proof-of-concept could lead to the same scenario — new exploits could start using ‘return-to-libc’ to achieve DEP bypass.”

With so many data compromises arising from the latest disclosed vulnerability it seems so clear that now is the time to completely re-evaluate the way we approach desktop security. Vulnerabilities lose their power when you address the core issue of controlling what applications are allowed to run on your system in the first place whether these applications were added by a user or by malicious code exploiting a security hole.